mirror of
https://github.com/nextcloud/server.git
synced 2026-02-20 00:12:30 -05:00
add some unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle
parent
32e0ec3e58
commit
0271ae3b46
2 changed files with 85 additions and 1 deletions
|
|
@ -34,6 +34,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
|
|||
use OC\Appframework\Middleware\Security\Exceptions\StrictCookieMissingException;
|
||||
use OC\AppFramework\Middleware\Security\SecurityMiddleware;
|
||||
use OC\AppFramework\Utility\ControllerMethodReflector;
|
||||
use OC\Security\Bruteforce\Throttler;
|
||||
use OC\Security\CSP\ContentSecurityPolicy;
|
||||
use OC\Security\CSP\ContentSecurityPolicyManager;
|
||||
use OC\Security\CSP\ContentSecurityPolicyNonceManager;
|
||||
|
|
@ -82,6 +83,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
private $csrfTokenManager;
|
||||
/** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $cspNonceManager;
|
||||
/** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $bruteForceThrottler;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
|
|
@ -96,6 +99,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
|
||||
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
|
||||
$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
|
||||
$this->bruteForceThrottler = $this->getMockBuilder(Throttler::class)->disableOriginalConstructor()->getMock();
|
||||
$this->middleware = $this->getMiddleware(true, true);
|
||||
$this->secException = new SecurityException('hey', false);
|
||||
$this->secAjaxException = new SecurityException('hey', true);
|
||||
|
|
@ -119,7 +123,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
$isAdminUser,
|
||||
$this->contentSecurityPolicyManager,
|
||||
$this->csrfTokenManager,
|
||||
$this->cspNonceManager
|
||||
$this->cspNonceManager,
|
||||
$this->bruteForceThrottler
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -652,4 +657,70 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
|||
|
||||
$this->assertEquals($response, $this->middleware->afterController($this->controller, 'test', $response));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider dataTestBeforeControllerBruteForce
|
||||
*/
|
||||
public function testBeforeControllerBruteForce($bruteForceProtectionEnabled) {
|
||||
/** @var ControllerMethodReflector|\PHPUnit_Framework_MockObject_MockObject $reader */
|
||||
$reader = $this->getMockBuilder(ControllerMethodReflector::class)->disableOriginalConstructor()->getMock();
|
||||
|
||||
$middleware = new SecurityMiddleware(
|
||||
$this->request,
|
||||
$reader,
|
||||
$this->navigationManager,
|
||||
$this->urlGenerator,
|
||||
$this->logger,
|
||||
$this->session,
|
||||
'files',
|
||||
false,
|
||||
false,
|
||||
$this->contentSecurityPolicyManager,
|
||||
$this->csrfTokenManager,
|
||||
$this->cspNonceManager,
|
||||
$this->bruteForceThrottler
|
||||
);
|
||||
|
||||
$reader->expects($this->any())->method('hasAnnotation')
|
||||
->willReturnCallback(
|
||||
function($annotation) use ($bruteForceProtectionEnabled) {
|
||||
|
||||
switch ($annotation) {
|
||||
case 'BruteForceProtection':
|
||||
return $bruteForceProtectionEnabled;
|
||||
case 'PasswordConfirmationRequired':
|
||||
case 'StrictCookieRequired':
|
||||
return false;
|
||||
case 'PublicPage':
|
||||
case 'NoCSRFRequired':
|
||||
return true;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
);
|
||||
|
||||
$reader->expects($this->any())->method('getAnnotationParameter')->willReturn('action');
|
||||
$this->request->expects($this->any())->method('getRemoteAddress')->willReturn('remoteAddress');
|
||||
|
||||
if ($bruteForceProtectionEnabled) {
|
||||
$this->bruteForceThrottler->expects($this->once())->method('sleepDelay')
|
||||
->with('remoteAddress', 'action');
|
||||
$this->bruteForceThrottler->expects($this->once())->method('registerAttempt')
|
||||
->with('action', 'remoteAddress');
|
||||
} else {
|
||||
$this->bruteForceThrottler->expects($this->never())->method('sleepDelay');
|
||||
$this->bruteForceThrottler->expects($this->never())->method('registerAttempt');
|
||||
}
|
||||
|
||||
$middleware->beforeController($this->controller, 'test');
|
||||
|
||||
}
|
||||
|
||||
public function dataTestBeforeControllerBruteForce() {
|
||||
return [
|
||||
[true],
|
||||
[false]
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -76,6 +76,19 @@ class ControllerMethodReflectorTest extends \Test\TestCase {
|
|||
}
|
||||
|
||||
|
||||
/**
|
||||
* @Annotation parameter
|
||||
*/
|
||||
public function testGetAnnotationParameter(){
|
||||
$reader = new ControllerMethodReflector();
|
||||
$reader->reflect(
|
||||
'\Test\AppFramework\Utility\ControllerMethodReflectorTest',
|
||||
'testGetAnnotationParameter'
|
||||
);
|
||||
|
||||
$this->assertSame('parameter', $reader->getAnnotationParameter('Annotation'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @Annotation
|
||||
* @param test
|
||||
|
|
|
|||
Loading…
Reference in a new issue